Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Mar 2014 15:48:13 +0200
From: Georgi Guninski <>
Subject: Re: [OT] FD mailing list died. Time for new one

On Wed, Mar 19, 2014 at 05:31:30PM +0400, Solar Designer wrote:
> On Wed, Mar 19, 2014 at 02:58:23PM +0200, Georgi Guninski wrote:
> > Apologies for posting on list mainly dedicated to CVE's.
> I guess you're (partially) kidding.  This list is not meant to be
> "mainly dedicated to CVE's", it just happened to be that way.  Other
> on-topic postings are very welcome, and I find postings about other
> related mailing lists (dis)appearing to be on topic, in part because it
> affects what topics we choose to discuss in here (and what topics to
> discuss in other places).

lol. I was partially kidding and in addition have low
opinion of CVE.

> > The Full Disclosure mailing list died today:
> >
> >
> > 
> > I suppose it is time for a new list.
> > 
> > Any ideas?
> Arrigo Triulzi and I just had this conversation on Twitter:
> <solardiz> Hosting unofficial Full-Disclosure archive we received few message removal requests and no threats that I recall
> <@cynicalsecurity> @solardiz shall we reboot FD?
> <@solardiz> @cynicalsecurity Maybe, but I don't intend to be involved. I wasn't even subscribed except hosting this archive and sometimes looking at it.
> <@cynicalsecurity> @solardiz perhaps we need a different FD, without the automated security bulletins and the trolls. FD with kickbans?
> <@solardiz> @cynicalsecurity With "unmoderated" "full disclosure" list, it's tricky to draw the trolling vs. free speech line. I'll let others do it.
> <@cynicalsecurity> @solardiz yes, agreed.
> So I think someone else should setup the new FD, somewhere.  Openwall
> might host an unofficial archive of it again (with no promises of it
> staying up), and that's it.
> I just recalled another way in which I found FD useful: as a moderator
> for oss-security, I sometimes rejected off-topic yet not totally crappy
> postings with a comment suggesting that the person posts to FD instead.
> We won't be able to continue doing that.  In some cases (mostly for bugs
> in proprietary software) we'll be able to continue to redirect people to
> Bugtraq, but there are in fact not totally crappy postings that I think
> aren't appropriate for either oss-security or Bugtraq - e.g., someone
> wanted to conduct a research survey in the security community recently,
> and I redirected them to FD (I don't know if they posted, nor if their
> posting to FD was approved).  I felt that a posting like that would be
> "too crappy" for Bugtraq (although that sentiment is in part based on
> "the old Bugtraq" of 1990s), but OK given the overall low SNR on FD.
> Alexander

If you ask me there should be no moderation/kickbans.
IMHO this isn't effective against alleged trolls.
Back in the time I was against banning n3td3v.

Maybe some sound daily quota is reasonable though.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ